package com.wnxy.config;

import com.sun.org.apache.bcel.internal.generic.NEW;
import com.wnxy.filter.PhoneAuthenticationFilter;
import com.wnxy.filter.QQAuthenticationFilter;
import com.wnxy.filter.RoleAccessFilter;
import com.wnxy.service.ManagerRoleService;
import com.wnxy.service.ManagerService;
import com.wnxy.service.impl.*;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.access.channel.ChannelProcessingFilter;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.firewall.DefaultHttpFirewall;
import org.springframework.security.web.firewall.HttpFirewall;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    //自定义的登陆失败处理器对象
    private FailureHandler fh = new FailureHandler();

    private PhoneSuccessHandler psh=new PhoneSuccessHandler();
    private PhoneFailureHandler pfh=new PhoneFailureHandler();
    private QQSuccessHandler qh=new QQSuccessHandler();
    private QQFailureHandler qfh=new QQFailureHandler();


    @Autowired
    private ManagerService managerService;
    @Autowired
    private ManagerRoleService managerRoleService;

    //自定义的登陆成功处理器对象
//    private SuccessHandler sh = new SuccessHandler(managerService);


    @Autowired
    private StringRedisTemplate srt;
    @Autowired
    private RedisTemplate<String,Object> rt;
    @Autowired
    private AuthPattern authPattern;
    //向容器中注入一个密码加密工具
    @Bean
    public  PasswordEncoder createPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }

    public CorsFilter getCorsFilter() {
        UrlBasedCorsConfigurationSource cfs = new UrlBasedCorsConfigurationSource();
        CorsConfiguration cors = new CorsConfiguration();
        cors.addAllowedOriginPattern("*");
        cors.addAllowedMethod("*");
        cors.setAllowCredentials(true);
        cors.addAllowedHeader("*");
        cfs.registerCorsConfiguration("/**", cors);
        CorsFilter cf = new CorsFilter(cfs);
        return cf;
    }
    @Bean
    public HttpFirewall defaultHttpFirewall() {
        return new DefaultHttpFirewall();
    }


    @Override
    protected void configure(HttpSecurity http) throws Exception {
        SuccessHandler sh = new SuccessHandler(managerService);



        PhoneAuthenticationFilter paf = new PhoneAuthenticationFilter(managerService,srt,psh,pfh);
        QQAuthenticationFilter qf = new QQAuthenticationFilter(managerService,managerRoleService);
        qf.setAuthenticationSuccessHandler(qh);
        qf.setAuthenticationFailureHandler(qfh);
        RoleAccessFilter raf = new RoleAccessFilter(fh,rt,authPattern);

        http
              .addFilterAfter(raf, FilterSecurityInterceptor.class)
                .addFilterBefore(qf, UsernamePasswordAuthenticationFilter.class)
                .addFilterBefore(paf, UsernamePasswordAuthenticationFilter.class)
//                .addFilterBefore(getCorsFilter(), ChannelProcessingFilter.class)
                .httpBasic().disable()
                .csrf().disable()
                .authorizeRequests()
                    .antMatchers(authPattern.getPatterns()).permitAll()
//                    .antMatchers("/perform/**/*").hasAnyAuthority("perform","admin","system")
                    .anyRequest().authenticated()
                    .and()
                .formLogin()
                    .loginPage("/manager/loginPage")
                    .loginProcessingUrl("/login")
                    .successHandler(sh)
                    .failureHandler(fh);
    }
}
